
Auto port-defend started

Created: Oct 17, 2019 12:28:54 | Latest reply: Oct 17, 2019 13:12:20
  Rewarded HiCoins: 0 (problem resolved)

A large number of logs are generated on the switch, as shown in the following.

Can you explain and advise how to troubleshoot the issue?

Oct  13 2019 15:46:31+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[0]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)

Oct  13 2019 15:43:25+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[1]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)

Oct  13 2019 15:19:59+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[2]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)

Oct  13 2019 15:02:26+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[3]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)



Featured Answers
Popeye_Wang (Admin), created Oct 17, 2019 12:31:03

Hi Steelblue,
Please refer to the following information.

Description

Port attack defense is started.

Parameters

Parameter Name          Parameter Meaning
SourceAttackInterface   Indicates the attack source interface.
AttackProtocol          Indicates the protocol type of attack packets.

Possible Causes

When the device detects attack packets on an interface, the device starts attack defense on the interface.

Procedure

1. Check whether the attack actually occurs on the interface. // In your case, the attack source is interface g 1/0/0. From the “display arp” command, you can determine which terminal/device may be causing the attack. You can isolate that device from the network.

2. If an attack actually occurs, locate the attack source. If no attack occurs, reconfigure the port attack defense function to ensure that valid protocol packets can be sent to the CPU.

Please see the configuration example of enabling port attack defense.

https://support.huawei.com/hedex/pages/EDOC100005797231188137/07/EDOC100005797231188137/07/resources/dc/dc_cfg_LocalAttackDefense_0055.html?ft=0&fe=10&hib=10.3.13.4.6.1&id=dc_cfg_LocalAttackDefense_0055&text=Example%20for%20Configuring%20Local%20Attack%20Defense&docid=EDOC1000057972
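
As a starting point for step 1 of the procedure, the following added example (not part of the original thread or of Huawei's documentation) parses PORT_ATTACK_OCCUR lines like the ones in the question and reports, per host, interface and protocol, how often port attack defense was triggered and the gap between triggers. The function name `summarize` and the regular expression are this example's own; the sample input is the four log lines quoted in the question.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four log lines quoted in the question above.
SAMPLE_LOG = """
Oct  13 2019 15:46:31+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[0]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)
Oct  13 2019 15:43:25+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[1]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)
Oct  13 2019 15:19:59+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[2]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)
Oct  13 2019 15:02:26+08:00 VTC-7703-1 %%01SECE/4/PORT_ATTACK_OCCUR(l)[3]:Auto port-defend started.(SourceAttackInterface=GigabitEthernet1/0/0, AttackProtocol=ARP-REQUEST)
"""

# Layout assumed from the lines above:
# <timestamp><tz> <host> %%<ver><module>/<severity>/<mnemonic>(l)[n]:<text>.(<k=v, k=v>)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{4} \d{2}:\d{2}:\d{2})(?P<tz>[+-]\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+%%\d\d(?P<module>\w+)/(?P<sev>\d)/(?P<mnemonic>\w+)"
    r"\(\w\)\[\d+\]:(?P<msg>[^(]*)\((?P<params>.*)\)\s*$"
)

def summarize(lines):
    """Group PORT_ATTACK_OCCUR events by (host, interface, protocol)."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["mnemonic"] != "PORT_ATTACK_OCCUR":
            continue  # skip blank lines and unrelated log entries
        params = dict(kv.strip().split("=", 1) for kv in m["params"].split(","))
        # Collapse the double space after the month before parsing the timestamp.
        stamp = " ".join(m["ts"].split()) + m["tz"]
        when = datetime.strptime(stamp, "%b %d %Y %H:%M:%S%z")
        key = (m["host"], params["SourceAttackInterface"], params["AttackProtocol"])
        events[key].append(when)
    report = {}
    for key, times in events.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[key] = {"count": len(times), "first": times[0],
                       "last": times[-1], "gaps_s": gaps}
    return report

if __name__ == "__main__":
    for (host, ifname, proto), s in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{host} {ifname} {proto}: {s['count']} triggers, gaps (s): {s['gaps_s']}")
```

Run over a full log export, the per-interface counts show which ports to check first with “display arp”.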



Steelblue, created Oct 17, 2019 13:04:00

So how to detect the attack?

Popeye_Wang (Admin), created Oct 17, 2019 13:12:20
